Today's blunder - Official fix/apology/reassurances??

Discussion in 'ESET Smart Security' started by guitareth, May 22, 2008.

Thread Status:
Not open for further replies.
  1. guitareth

    guitareth Registered Member

    Joined:
    Jun 3, 2007
    Posts:
    17
    After losing a whole morning in my business due to ESET's incompetence with this screwed antivirus update (which locked up ALL of our company's PCs) I have finally got things back running by disabling the ESET progam or services from running on start-up. But of course, in this state I am unable to update the program (that's assuming the latest update will resolve the problems?) and I am now running multiple PCs with no antivirus protection whatsoever.

    Wonderful, and still no formal announcement from ESET as to an overall fix for this.

    This a MAJOR MAJOR f*** up for an antivirus vendor, as apart from the damage this has done in lost hours to businesses across the country, how can we ever have confidence in your products again?

    I also feel for all the other ESET customers who have not yet twigged that their antivirus update caused the problem and are hassling Adobe, other software vendors, and other IT support companies, and frantically trying to find out why their PCs have locked up completely. Most are probably assuming their machines have been hit by a virus when in fact it's their antivirus program that has caused the whole problem!!

    This blunder must have cost thousands to companies using your software ESET, so one would hope there will promptly be clear and comprehensive instructions posted (not just here as only a select few probably know of this forum) but also on front page of your website.... along with fullsome apologies, and some reassurances as to what you've learned from this episode and what you intend to do to avoid it happening again. (Do you actually test the updates before releasing them??!!).

    Yes I'm MAD and I feel I have every right to be. :cautious:
     
  2. Ezel

    Ezel Registered Member

    Joined:
    May 22, 2008
    Posts:
    7
    One of my biggest questions, "Why wasn't it tested before release??"

    guitareth, I feel the same as you do. But if they have not posted by now, I doubt you'll hear anything.

    Also keep in mind its not just us here at the fourms, but what about the other users who have a single pc and the lockups dont allow them to get tech support for it now.
     
  3. KTamas

    KTamas Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    (I know this is the SmartSec forum and we "only" use NOD32 but nevertheless...)

    I have to agree with guitareth here. All of our company's PCs use NOD32 (that's 30+ computers!) and we were lucky to only have 4 computers locking up and being practically useless for hours, which is really bad for us (and for pretty much every business and/or user). It's highly ironic that some of our licences will expire in 3 days and we were about to renew them today.

    While for one hand I find a screwup like this unacceptable, NOD32 do have a nice track record being this pretty much the first screwup I've ever encountered with them and they are humans after all. In any case, while I'd still choose NOD32 over any other antivirus products (and we'll still renew those licences), my faith in ESET did get a bit weaker.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Hello,

    we are very sorry for the problems you have experienced with one of the recent updates. The root of the problem was a problematic section in the code that emerged just recently. It was not a typical false positive, such as a wrong signature or heuristics triggering an alarm on benign files. I can assure you that we do make tests before releasing updates to prevent false positives from occuring. In this case, the alarm was triggered under specific circumstances varying from computer to computer (ie. a specific file flagged on one computer was not flagged on each other). Right now we are preparing a knowledge base article concerning this issue. Those who are experiencing problems should follow these instructions:

    - restart the computer in Safe mode (press F8 several times before the Windows logo appears)
    - delete the file C:\Program Files\ESET\ESET Smart Security\em002_32.dat
    - delete the folder C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles or If you have Windows Vista delete the folder C:\Users\All Users\ESET\ESET Smart Security\Updfiles
    - delete all files in the folder C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\ or
    - restart the computer
    - start Windows in normal mode and update ESET Smart Security/ESET NOD32 Antivirus by hitting the button „Update virus signature database“

    Note: Windows Vista uses the folder "Users" instead of "Documents and Settings"
     
  5. RoseDreamJ

    RoseDreamJ Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17
    Location:
    NY USA
    Thank you Marcos and Eset. Your instructions seem to have solved the problem here.
     
  6. cdestin

    cdestin Registered Member

    Joined:
    May 22, 2008
    Posts:
    1
    Yes, Thankyou the fix has worked on both of my machines. The Adobe applications do not seem to require re-loading. YES!!!!!!
     
  7. FauxMaven

    FauxMaven Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    What's the simplest method of reverting to version 2.7 of this product? 3.0 has been a troublesome product since I installed it in late 2007. Having used the 2.x version for years I HAD great confidence in 3.0 at launch.
     
  8. denno

    denno Registered Member

    Joined:
    Mar 22, 2006
    Posts:
    49
    Firstly, can anyone elaborate on what the problem actually is or was? a certain version of an signature update if I've read right? Is everyone vulnerable? If you have....

    ... file present, is this a problem?
     
  9. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    Thanks for the fix, but really, this should never have happened in the first place.

    This has cost me several hours of lost time as the problems caused by the false positives with Comodo, and Acrobat have resulted in my RAID 1 array deciding to do a repair. The knock on is that my system has been reduced to a crawl all afternoon.

    I'm not impressed!

    What reassurances have we that this issue will not return?
     
  10. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Marcos,
    Am I right that the above fix should read as:

    - restart the computer in Safe mode (press F8 several times before the Windows logo appears)
    - delete the file C:\Program Files\ESET\ESET Smart Security\em002_32.dat
    - delete the folder C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles or If you have Windows Vista delete the folder C:\Users\All Users\ESET\ESET Smart Security\Updfiles
    - delete all files in the folder C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\ or If you have Windows Vista delete all files in C:\Users\All Users\Application Data\ESET\ESET Smart Security\Charon\
    - restart the computer
    - start Windows in normal mode and update ESET Smart Security/ESET NOD32 Antivirus by hitting the button „Update virus signature database“
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  12. terradon

    terradon Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    78
    I'm fortunate that a 2nd computer was slowed dramatically after the update, but eventually recovered. Without it, I'd have never found this thread.

    During the system scan after the update, ESS alerted on:
    C:\Program Files\Adobe\Adobe Dreamweaver CS3\AdobeLM_libFNP.dll probably a variant of Unknown virus

    Naturally, a more complete scan was in order. Bad move!! ESS would consume 100% CPU in an endless loop.

    CTL/ALT/DEL never did find a CPU cycle to be heard and a reset was the only way to kill what was going on.

    Did a Safe Boot and ran a scan. After 25 minutes of agonizingly slow scanning the DOS screen showed, "C:program Files\Common Files\Support Soft\BIN\SSRC.EXE>>Zip77 META-INF/", Threat="", Action="",Info="Archive Damaged
    Another 35 minutes and the scan finally completed. That was it.

    Rebooted, signed on and the system froze. 100% CPU for ESS again.

    ARGH!! I spent the better part of 4 hours troubleshooting and searching, including the Eset site, before I made it here to Wilders.

    While I'm happy to know it wasn't something that I did, I'm angry that I lost so much time. I had far more productive things to do today!!!

    Don
     
  13. zer0l0gic

    zer0l0gic Registered Member

    Joined:
    May 7, 2008
    Posts:
    52
    So will the problematic code be fixed as a module update or another new version.

    I understand mistakes can happen, but what about a reliable fix?
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    Comment from Marcos. https://www.wilderssecurity.com/showpost.php?p=1247308&postcount=32
     
  15. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Did this actually affect both V2 and ESS or only ESS. I am running 2.7 and did not notice any issues (yet:doubt: )
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  17. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  19. GRAC

    GRAC Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    27
    I'm really sorry, and consider this an exception since I usually never let myself go on forums, but I'd really like to say: stop B*TCHING!! please...

    In all honesty... see if McAfee is going to make your life easier... Or Symantec for that matter. On stand-alone systems they too can make your life and that of the end-user a living hell from time to time, let alone in a network environment...

    I'm sorry, but if one scr*w up from one application is leaving your company in a *truly* unworkable environment... maybe you should consider creating a better manageable environment.

    Go to the Microsoft forums and start whining about every error etc. over there. (Delayed Write Failed on a fileserver anyone?? ;-) XP in the early days? Vista still? ).

    Come one.... lost time? That's what you're a sysadmin for, solving problems should they occur. Sure, it should not have happened, but...

    You're working with computers, with humans. Lets stay reasonable. From time to time things are bound to go wrong in one way or another. You make mistakes yourselves too right? People freak out way to soon I think.

    Of course, it's a bad thing... but don't freak out about it please. Anger is understandable but.... some of these posts really make me wonder why anyone became a windows admin anyway.... (says the windows guy ;-) )

    I think the problem was solved pretty quickly to be honest. I mean... we probably all know of issues which last for months or even years. (95-uche-98 )
     
  20. spunka

    spunka Registered Member

    Joined:
    May 24, 2008
    Posts:
    10
    Umm, how about you take some of your own advice?
     
  21. GRAC

    GRAC Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    27
    I did, that's why I said sorry in advance :)
     
  22. Hansjuh

    Hansjuh Registered Member

    Joined:
    May 27, 2008
    Posts:
    1
    This is no fix for 440+ workstations and 60+ servers :thumbd:
     
  23. spunka

    spunka Registered Member

    Joined:
    May 24, 2008
    Posts:
    10
    Where did this information come from?
     
  24. GRAC

    GRAC Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    27
    I'm guessing this could all be scripted and executed remotely, right?
    Sow... now we need someone with this problem on his machine and who knows/wants to/has time to write a script.... ;)
    Anyone?
     
Thread Status:
Not open for further replies.